Welcome to TheChisel's tutorial!

Click on the logo to see who's behind the proposal.

Click on an expert's picture to view the bio.

Click on specific menu items to check out our unique 4-step framework.
  • the issue
  • the solution
  • join the conversation
  • vote
First, click on THE ISSUE, where the experts present a common ground of facts.

Or click on components of THE ISSUE.

Want fun graphics?

Click on the bullets to unfold visuals and further background information.

Discover the experts' solution!
Dive in and engage!

Ask experts your questions. Suggest improvements. Share your stories.

Or reply to another citizen's or expert's comment.

And check out TRENDING TOPICS.

Other ideas?

Create your own topic and add a comment.

You're almost there!

Cast your vote and be heard.

You can change your vote at any time.

Create or update your profile!

Your Profile Page will be created automatically when you join.

After you log in, you will see a dropdown menu under your image to update your profile.

Share your interests with TheChisel’s community!

I want to Chisel!

Take me to the proposals!

Proposal: Cybersecurity: Future Crimes

Everything is connected and everyone is vulnerable. 

The Issue

Problem Defined

Technological advances have and continue to benefit our world. The present-day Internet of Things is a living, global, information grid where just about every physical object is online.

On a threatening flip side, no computer has been created that could not be hacked. Technology can and has been turned against us. Hackers, thieves, and stalkers are exploiting software to track their victims’ every move, rob identities, deplete online bank accounts, or wipe out computer servers. 

Our modern societies are radically dependent on computers to sustain critical infrastructures as varied as national power grids and financial services. But with ever greater connections come even greater risks.

Background
Expand all bullets
1.
Connectivity and dependency
  • All or most of the information needed to destroy one's digital life is readily available online to any hacker who is the least bit scheming or creative.
  • One of the Internet's greatest strengths is its inter-connectivity, which means that peoples from around the world are brought together as never before.
    • Social Media: from 2004 to 2014, Facebook went from having zero to 1.3 billion members worldwide. Interestingly though, 140 million of these are fictitious. Equally impressive, 350 million photos are uploaded daily and the "LIKE" button is pressed about 6 billion times. Also, Twitter, Google, and others are credited with playing a significant role in the political uprisings in the Middle East, commonly referred to as the "Arab Spring."
  • Modern society (electrical grids, air traffic controls, fire department dispatch systems, elevators) is electrically dependent on computers. While we continue to plug additional components of our daily lives into the global information grid, we don't fully consider what this means.
    • Digital devices usage: by 2013, Americans were spending more than 5 hours per day online (paying bills, watching TV series, reading the news, etc).
  • Though physical borders still matter, these divisions are much less clear in an online world. The nature of the Internet means we are living in an increasingly borderless world.
2.
Bad software and vulnerability

Between profitability and security, companies typically choose profits above all else. Since software runs our global economy, the software industry has reached an estimated annual worth of $150 billion. Consumers constantly want newer and feature-rich software faster than ever before, catapulting demand for a wide-array of these products.

Numerous companies rush through insecure code. This causes negative long-term consequences, while the world accepts software flaws as natural in the face of the near-zero responsibility from engineers and coders.

  • The number of new viruses increases exponentially as hackers find new ways to obtain money, information, and power through their malicious software or "malware." By the summer of 2013, cyber-security firm Kaspersky Lab informed it had identified and isolated about 200,000 new malware samples every day.
  • Antivirus products are quickly losing their efficacy. In fact, according to a Verizon study, once hackers locate your network, 75% of the time they can successfully penetrate your defenses within minutes. Unfortunately, our interconnected world is becoming increasingly more dangerous and hostile.
3.
Moore's law: living in exponential times

Moore's law, a concept named after former chairman of Intel Corporation, Gordon Moore, is a principle that states that the power and capabilities of all circuit-based technologies would double every eighteen months to two years. 

All computer-based technologies grow exponentially, not in a linear fashion. Beyond science, this has implications on geopolitics, economics, and just about any aspect of our existence, including crime, that is impacted by technology.

The pace of change is so rapid that futurist writer Ray Kurzweil predicts a moment in time where machine intelligence will outpace human intelligence. 

4.
A growing digital world of data and data surveillance
  1. Data creation: during every minute of every day in 2014, the world sent 204,166,667 emails, shared 684,000 pieces of content on Facebook, published 100,000 tweets on Twitter, texted 34 million messages on WhatsApp, uploaded 48 hours of new video on YouTube, and posted 36,000 new photos on Instagram.
  2. "You're not the customer, you're the product": online companies take the information their users share (about their experiences) and sell it to the highest bidder (advertisers and marketers). In 2012, Google merged its data about you (left behind during each search, song listened to, email written, and voicemail recorded) across all of its services and products to make it even simpler to sell this information to its advertisers. Rather than enjoying so-called free services, all of your privacy and personal information is being stored and sold online. 
  3. Data broker industry: data brokers get their information from Internet service providers, mobile phone companies, online activities, and others. Every piece of information we post and share across social networks gets coded and categorized based on age, race, sexual orientation, phone number, home address, educational level, recent purchases and vacations, and occupation, among others.
      • Federal, state, and local governments have bought information from the data brokers. One study estimates that through the use of proxy surveillance technologies, including mobile phones, social networks, GPS information, and financial transactions, the U.S. government only spends $574 to track each American.
  4. Location: personal location data gives advertisers the ability to track where you were yesterday and where you might be tomorrow, which retailers you spend more time shopping at, and eating preferences, among others. However, GPS and other techniques increase the threat of thieves, stalkers, or rapists. Also, location-based apps are increasingly being used by retailers to maximize customer engagement and spending. 
  5. Terms of Service: conditions and privacy policies that apply when acquiring or purchasing a product. A Carnegie Mellon University study revealed that the average American comes across 1,462 privacy policies per year, many on Internet sites. If he or she were to read every single one, it would take 76 full workdays, at eight hours per day, from our lives.
  6. Online Experience Customization: internet companies actively use computer algorithms to customize the user's online experience. Quantifying prior searches allows these companies to determine user preferences and tailor services accordingly. Aided by filters, the private sector and governments alike, are increasingly determining what information citizens obtain.
5.
Mobile Phone System Insecurity

Mobile, or cell phones, which are becoming society's computer of choice, are possibly the most insecure of all technological devices. Their software is easy to manipulate, making "smart phones" are among the easiest to hack. Given that the risks are poorly understood and their operating systems for protection are underdeveloped, any information stored - text messages, photos, passwords - can be intercepted and hacked.

  • By 2014, McAfee had discovered almost 4 million pieces of mobile phone malware. This figure constituted a 614% increase from the previous year. 
  • A study by Cisco reveals that 99% of all cell phone malware targets the Android operating system. To make matters worse, 85% of smart-phone handsets shipped worldwide by mid-2014 were Android.
  • Increasingly, humans are living through their screens - particularly screens on their mobile phones. These screens attempt to define our world by consistently projecting and manipulating new forms of information.
  • Phone spoofing (screen manipulation), phishing (type of scam ("fake bait") to "fish" a victim), and falsifying locational (GPS) data are all increasingly popular among criminals wanting to hack into personal devices.
Go deeper
1.
Future Crimes

Marc Goodman - (2015)

http://futurecrimesbook.com/

Future Crimes provides a glimpse into the dark side of technological innovation and the unintended consequences of our connected world, and serves as an urgent call to action in taking back control over our own devices and harnessing technology’s tremendous power for the betterment of humanity. 

Expert Authors

.

Giovanni Bruna
Junior Analyst - TheChisel by More Perfect Union

The Solution

Proposed Recommendations
Expand all bullets
1.
The human factor in keeping out intruders

Cyber security is as much a people issue as it is a technical one. Policy makers, coders, and the private sector must consider human behavior when tackling technological risks. According to a 2014 study by IBM Security Services, up to 95% of security incidents involved human error.

Prevention is no longer sufficient. You must proactively search for and chase out all rogue actors (hackers, malware, etc.) from networks and devices. 

Equally important, once a threat is identified, discussing it publicly is a necessity. Although companies and individuals suffer negative ramifications from being a hacking victim, admitting to a cyber problem is the first step to strengthening the world's common technological security.  

Some additional suggestions include:

  • Bring human-centered design to cyber security. If security features are not designed properly, users simply ignore them.
  • Build an "immune system" for the planet as a defensive barrier against malware - a robust, adaptive, and self-healing network that automatically makes necessary repairs to deter potential computer infections from bringing a whole system down.
2.
Build greater resilience

Today's defenses are not adapting quickly enough to match the global technological risks. Since all cyber attacks cannot be stopped, it is important to create a system that will continue to perform its most critical functions even if other less important ones go offline or become unresponsive.

To better protect information, individual breaches and attacks must be isolated and prevented from spreading by developing protective mechanisms that "envelope" our digital possessions and assets.

[ Glossary: "Resiliency means remaining operational in the face of sustained attack by sophisticated opponents." ]

Some examples include: 

  • Multi-factor authentication and bio-metrics: as opposed to the alphanumeric characters of user names and passwords, a fingerprint ID such as the one developed by Apple for the iPhone 6, is a considerable improvement in safety measures. 
  • Reclaiming privacy: one option is to pay small amounts of money to Internet companies so that they store minimal amounts of personal data in order to counter the business model of selling customer identifiable data to brokers and advertisers. Moreover, the European Union's Data Protection Directive enshrines privacy as a fundamental right to all of its citizens.
  • Encryption: make its proper implementation the default standard practice, so that data traffic is not easily intercepted and stolen. This requires education and awareness from consumers.
3.
Reinvent government

If governments continue to operate with linear asymmetry, twenty-first-century problems will not be solved by nineteenth-century institutions. In addressing cyber insecurity, governments must be much more adaptive and innovative in order to keep up with the threats of technological advancements falling into the hands of criminals. 

Two examples of innovation are: 

  • Code for America: a nonprofit that organizes citizen volunteers with computer coding skills to make government services much more simple, effective, and easy to use. 
  • GovLab at New York University: an innovation laboratory dedicated to using technology to redesign the problem-solving capabilities of government institutions.
4.
Create meaningful public-private partnerships

Governments and industries must work together to protect the critical infrastructures that make up the modern world. Since 85% of the US' critical infrastructures is in the hands of the private sector, these public-private partnerships (PPP) are desperately needed. PPPs improve coordination and response rates among peers. However, to establish truly meaningful PPPs, both parties must overcome trust issues when it comes to sharing information. 

5.
Incentivize competitions in cyber security

Today's seemingly impossible problems can be solved by the same types of monetary prizes that inspired previous entrepreneurs to develop new technologies. The XPRIZE Foundation is a nonprofit organization that designs and manages public competitions intended to spur technological development for the overall benefit of humanity. Its incentive prizes serve as engines of innovation and greatly motivate those with a vision for an improved future. 

6.
Practice good cyber hygiene

Internet health, like public health, is a shared responsibility. According to research by the Australian government, the following key strategies can dramatically reduce targeted intrusion risks by 85%. 

  • Application white listing: only allow specifically authorized programs to run on your system. Also, block all unknown executable files and installation routines. 
  • Patch all of your devices' applications: automatically run software updates for programs such as MS Office, Java, PDF, Flash, and browsers. 
  • Patch operating system (OS) vulnerabilities: automatically update your OS such as Windows, Mac, iOS, or Android. This ensures you always use the latest operating system.  
  • Restrict administrative privileges on your computer: spend the majority of your time logged in as a basic user when e-mailing and browsing the internet. Only log in as an administrator on your machine when you need to (e.g., to install new software or make system changes).
7.
Create a cyber Center for Disease Control (CDC)

A cyber CDC could serve a critical role in improving the overall public health of the networks driving the critical infrastructure of the modern world. Microsoft and the EastWest Institute sponsored a report that concluded that a cyber CDC could fulfill the following roles: 

  1. Educate: provide the public with proven methods of cyber hygiene to protect themselves.
  2. Network monitoring: detect infections and malware outbreaks in cyberspace.
  3. Epidemiology: use public health methodologies to study digital disease reproduction and provide guidance on response and remedies.
  4. Immunization: help the public vaccinate against software patches and system updates. 
  5. Incident response: send experts and coordinate global efforts to isolate the sources of online infection, as well as treat those infected.
Expected Results
Expand all bullets
1.
Ordinary citizens play a great role in protecting us all

The ultimate goal is for citizens to acquire a basic knowledge of how the technologies around them work, not just to use these tools to their full advantage, but also so that others cannot take advantage of their technological ignorance and inflict harm.

Education is key in taking responsibility to effectively protect oneself and the community to the fullest extent possible.

2.
Increased effectiveness in public safety

In this technological arms race, the tools to change the world lay in everyone's hands. How the tools are used depends on a concerted effort by all.

Citizens who are mobilized, informed, and trained are better prepared to take back control of devices and networks. They are then able to work jointly with law enforcement to strengthen public safety. This will enable a stronger engagement from citizens in protecting critical infrastructure from rogue actors.

A positive technological future, one that is desired and needed to thrive, will require immense effort and collaboration by all actors in society.

Budget
Budget Impact
Net Present Value

The Conversation

Cast your vote

The Proposal Cybersecurity: Future Crimes needs your vote by Invalid date.
Time remaining: 6 months

Your voice has been heard.

Thank you for voting on this proposal.
You may change your vote or engage in this proposal's conversation any time before Invalid date

Your vote will not be visible to the public.